Detecting domains generated by a domain generation algorithm

摘要

Apparatus and techniques for determining whether a domain name has been generated by a domain generation algorithm (DGA) are disclosed. A first domain name is classified as either a likely domain generation algorithm (DGA) domain name or a likely non-DGA domain name, based on one or more features of the first domain name. In addition, statistics are determined regarding requests for the first domain name. Additional domain names are identified that share an infrastructure with the first domain name. A determination is made regarding whether the first domain name and/or one or more of the additional domain names are likely to have been generated by a DGA, based on a result of one or more of the classifying, the statistics, or the identifying. A security vulnerability related to one or more of the likely DGA domain names is then mitigated.